Oslo-based antivirus vendor Norman is planning to launch Norman Network Protector, an appliance that scans traffic and blocks the content it deems dangerous, at the annual RSA conference going on this week in San Francisco.
The device sits inline between network segments and scans traffic as it comes through, analyzing it for malware. The company says it does this fast enough that by the time the final pieces of a file transfer, for instance, come by, the appliance has figured out whether it contains dangerous code.
When it finds malware, the machine blocks the final parts of the transfer, triggering a re-send request, which it also blocks. The net effect is that the infected traffic doesn't get through. The device can scan nine different traffic types.
Because the traffic is scanned and forwarded packet by packet -- not buffered until the entirety of a file has been scanned -- and because the device only blocks bad traffic at the last moment, delay caused by the box is minimized, Norman says.
At RSA the company is also announcing DNA Matching, a method of detecting variants of malicious code without having a complete signature. Once the device has found a complete string of malicious code, it subsequently checks for code that employs the same subroutines and blocks it as malicious.
Ad Choices
Comments